<?php
// 获取用户提交的表单数据。
$username = trim($_POST['username']);
$password = trim($_POST['password']);

// 后端验证输入。
if (!strlen($username) or !strlen($password)) {
    echo "<script>window.location.href = '../fail/index.html';</script>";
    exit;
} else {
    if (!preg_match('/^[a-zA-Z0-9]{1,32}$/', $username)) {
        echo "<script>window.location.href = '../fail/index.html';</script>";
        exit;
    }
    if (!preg_match('/^[a-zA-Z0-9\-_=+*!#]{8,32}$/', $password)) {
        echo "<script>window.location.href = '../fail/index.html';</script>";
        exit;
    }
}

// 连接数据库服务器。
include_once "../../conn.php";

// 查询数据库是否存在该用户名和密码是否正确。
$sql = "select * from `data` where username = '$username' and password = '" . md5($password) . "'";
$result = mysqli_query($conn,$sql);
$num = mysqli_num_rows($result);
if($num){
    echo "<script>window.location.href = '../succeed/index.html';</script>";
}
else{
    echo "<script>window.location.href = '../fail/index.html';</script>";
}